Commit graph

21 commits

Author SHA1 Message Date
Jeremie Fraeys
78ad592664
Add core infrastructure security and utility roles
- Add firewall role for UFW/iptables management
- Add fail2ban role for intrusion prevention with Docker-aware jails
- Add postfix role for mail relay capabilities
- Add backups role for automated infrastructure backups
  - systemd timer for scheduled backups
  - Backup scripts for Docker volumes and configurations
2026-02-21 18:30:42 -05:00
Jeremie Fraeys
ac19b5918f
Add documentation and infrastructure gap analysis
- Update README.md with current architecture documentation
- Add INFRA_GAP_ANALYSIS.md for tracking infrastructure improvements
- Add .python-version for pyenv version management
2026-02-21 18:30:33 -05:00
Jeremie Fraeys
e7b9546f7f
Update infrastructure tooling and configuration
- Rename setup.sh to setup (drop extension for cleaner CLI)
- Update ansible.cfg for improved playbook execution
- Update .env.example with current environment variables
2026-02-21 18:30:16 -05:00
Jeremie Fraeys
d36d3db10d
Add Redis cache to Forgejo
2026-02-21 18:27:04 -05:00
Jeremie Fraeys
67eb2227dd
refactor(scripts): simplify forgejo actions secret helper
Keep only app_ssh_access essentials: generate keypairs, upload plaintext Actions secrets, optionally update vault public keys.
2026-01-21 23:15:38 -05:00
Jeremie Fraeys
872d0cbe49
fix(forgejo): clearer PAT scope error for user/org secrets
Exit cleanly on 403 for user/org scoped secrets and surface required token scope(s) when provided by the API.
2026-01-21 23:10:48 -05:00
Jeremie Fraeys
0814900598
fix(scripts): python3.9 compatibility + better Forgejo secret errors
- Replace PEP604 unions with typing.Optional for broader Python compatibility
- Print actionable guidance when user/org-scoped secret API calls return 403
2026-01-21 23:09:44 -05:00
Jeremie Fraeys
35796b1069
feat(forgejo): set Actions secrets at user/org scope
- Add --scope {user,org,repo} (default user) to upsert Actions secrets
- Keep repo support and add --org for org scope
- Include security caveat in CLI help and warning output
2026-01-21 23:07:02 -05:00
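The three commits above (scope selection, 403 handling, and the Python 3.9 fix) describe a small upsert client. What follows is an added example illustrating that shape; it is not the repository's helper script. It assumes Forgejo exposes the Gitea-compatible endpoints built in `secret_url()`, that the PAT is sent as a `token` Authorization header, and that a 403 body may name the missing scopes in the `write:<area>` / `read:<area>` form (the scope-extraction regex is an assumption, so the code also degrades to generic guidance). It uses `typing.Optional` rather than PEP 604 unions so it runs on Python 3.9.

```python
"""Upsert a Forgejo Actions secret at user, org or repo scope (added example).

Not the repository's helper script. Assumptions: Gitea-compatible API paths,
"token" Authorization header, and a 403 body that may mention token scopes.
"""
import json
import os
import re
import sys
import urllib.error
import urllib.request
from typing import List, Optional, Tuple

_NAME_RE = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*$")
_SCOPE_RE = re.compile(r"\b(?:read|write):[a-z_]+\b")


def validate_name(name: str) -> str:
    """Client-side mirror of the server rule as assumed here: identifier chars, no GITEA_/GITHUB_ prefix."""
    if not _NAME_RE.match(name) or len(name) > 255:
        raise ValueError(f"invalid secret name {name!r}")
    if name.upper().startswith(("GITEA_", "GITHUB_")):
        raise ValueError("secret names with a GITEA_/GITHUB_ prefix are reserved")
    return name


def secret_url(base: str, scope: str, name: str,
               org: Optional[str] = None, repo: Optional[str] = None) -> str:
    """Endpoint for PUT-upserting a secret at the requested scope."""
    base = base.rstrip("/")
    name = validate_name(name)
    if scope == "user":
        return f"{base}/api/v1/user/actions/secrets/{name}"
    if scope == "org":
        if not org:
            raise ValueError("--org is required for org scope")
        return f"{base}/api/v1/orgs/{org}/actions/secrets/{name}"
    if scope == "repo":
        if not repo or "/" not in repo:
            raise ValueError("repo scope needs owner/name")
        owner, rname = repo.split("/", 1)
        return f"{base}/api/v1/repos/{owner}/{rname}/actions/secrets/{name}"
    raise ValueError(f"unknown scope {scope!r}")


def scope_caveat(scope: str) -> Optional[str]:
    """A user/org secret is readable by every workflow in every repo under that owner."""
    if scope in ("user", "org"):
        return (f"WARNING: a {scope}-scoped secret is exposed to workflows in all "
                f"repositories under that {scope}; prefer repo scope for single-use keys")
    return None


def required_scopes(body: str) -> List[str]:
    """Pull token scopes such as write:user out of an error body, if the API names them."""
    try:
        message = json.loads(body).get("message", body)
    except (ValueError, AttributeError):
        message = body
    return sorted(set(_SCOPE_RE.findall(str(message or ""))))


def explain_forbidden(scope: str, body: str) -> str:
    """Actionable text for a 403 on a user/org/repo secret call."""
    scopes = required_scopes(body)
    need = ", ".join(scopes) if scopes else "a PAT with write access to the target scope"
    return (f"403 Forbidden upserting a {scope}-scoped secret: the token lacks "
            f"the required scope(s) ({need}). Regenerate the PAT with that scope.")


def upsert_secret(base: str, token: str, scope: str, name: str, value: str,
                  org: Optional[str] = None, repo: Optional[str] = None) -> Tuple[int, str]:
    """PUT the secret; returns (status, message). 201 = created, 204 = updated, 403 = explained."""
    req = urllib.request.Request(
        secret_url(base, scope, name, org, repo),
        data=json.dumps({"data": value}).encode("utf-8"),
        headers={"Authorization": f"token {token}", "Content-Type": "application/json"},
        method="PUT",
    )
    try:
        with urllib.request.urlopen(req) as resp:
            return resp.status, "created" if resp.status == 201 else "updated"
    except urllib.error.HTTPError as err:
        body = err.read().decode("utf-8", "replace")
        if err.code == 403:
            return 403, explain_forbidden(scope, body)  # exit cleanly instead of a traceback
        raise


if __name__ == "__main__":
    # Usage: FORGEJO_API_TOKEN=... python3 upsert_secret.py BASE SCOPE NAME [ORG|OWNER/REPO] < value.txt
    # The value is read from stdin so it never appears in the process list.
    base, scope, name = sys.argv[1:4]
    target = sys.argv[4] if len(sys.argv) > 4 else None
    caveat = scope_caveat(scope)
    if caveat:
        print(caveat, file=sys.stderr)
    status, msg = upsert_secret(base, os.environ["FORGEJO_API_TOKEN"], scope, name,
                                sys.stdin.read().rstrip("\n"),
                                org=target if scope == "org" else None,
                                repo=target if scope == "repo" else None)
    print(msg)
    sys.exit(2 if status == 403 else 0)
```

Reading the secret value from stdin rather than argv keeps it out of `ps` output, and the 403 path returns instead of raising so the caller can print the guidance and exit non-zero without a stack trace.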
Jeremie Fraeys
0c6d09abcd
fix(ssh): allow dual-stack runner source for restricted keys
- Include web IPv6 alongside IPv4 in authorized_keys from= allowlist
- Write web public IPv6 into inventory/host_vars/web.yml from Terraform outputs
2026-01-21 15:08:36 -05:00
Jeremie Fraeys
8ac79d3300
feat(terraform): add services-ssh DNS record
Add non-proxied Cloudflare A/AAAA records for services-ssh to support infra-controller SSH access.
2026-01-21 14:43:43 -05:00
Jeremie Fraeys
92003e8f1c
fix(forgejo-runner): prevent duplicate runner registrations
- Persist runner registration state by setting container working_dir to /data
- Add post-register assertion that /opt/forgejo-runner/data/.runner exists
2026-01-20 18:06:51 -05:00
Jeremie Fraeys
adca1b0ef9
chore(test): update test_config for current infra
- Validate forgejo-runner compose stack on web host
- Validate infra-controller runtime directories on services host
- Improve missing-dir failure message with guidance
2026-01-20 17:28:15 -05:00
Jeremie Fraeys
f9a7411cfb
chore(setup): improve setup.sh UX and update README
- Add --help and ansible-only/no-terraform modes
- Add basic prereq checks and clearer error messages
- Update README with new setup options and python requirements for helper scripts
2026-01-20 17:19:06 -05:00
Jeremie Fraeys
a22381492e
feat(infra-controller): add restricted SSH access role
- Add infra_controller role to provision a dedicated user
- Install register/deregister forced-command authorized_keys entries
- Read SSH public keys from vault/env and restrict access by source IP
2026-01-20 17:14:31 -05:00
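The infra_controller commit above and the later dual-stack fix (0c6d09abcd) both hinge on one artifact: an authorized_keys line that pins a key to a forced command and a source allowlist. The following is an added example of how such a line can be generated and checked; it is not the repository's role code. The IPv4/IPv6 values, the key material and the `/usr/local/bin/infra-register-stdin` path are constructed placeholders standing in for host_vars and vault values.

```python
"""Restricted authorized_keys entries for register/deregister keys (added example).

Not the repository's infra_controller or app_ssh_access role. The addresses,
key and command path below are constructed placeholders.
"""
import ipaddress
import re
from typing import Dict, List, Optional

# Constructed stand-ins for inventory/host_vars/web.yml values (documentation ranges).
WEB_IPV4 = "203.0.113.10"
WEB_IPV6 = "2001:db8::10"
# Constructed placeholder key; the comment field identifies its purpose.
REGISTER_PUBKEY = ("ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPlaceholderKeyForExampleOnly0000000000 "
                   "actions-register")
REGISTER_CMD = "/usr/local/bin/infra-register-stdin"  # hypothetical path

_KEY_TYPES = r"(ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp\d+|sk-[\w-]+@openssh\.com)"
_PUBKEY_RE = re.compile(r"^" + _KEY_TYPES + r" [A-Za-z0-9+/=]+( \S+)?$")
_KEY_START_RE = re.compile(r" " + _KEY_TYPES + r" ")
_CMD_RE = re.compile(r'(?:^|,)command="([^"]*)"')
_FROM_RE = re.compile(r'(?:^|,)from="([^"]*)"')
_RESTRICT_RE = re.compile(r"(?:^|,)restrict(?:,|$)")


def from_allowlist(sources: List[str]) -> str:
    """Validate each source (single address or CIDR, v4 or v6) and join them for from=."""
    keep = []
    for src in sources:
        src = src.strip()
        if not src:
            continue  # an unset host_var must not silently widen access
        ipaddress.ip_network(src, strict=False)  # ValueError on anything that is not an address/CIDR
        keep.append(src)
    if not keep:
        raise ValueError("from= allowlist is empty; refusing to emit an unrestricted key")
    return ",".join(keep)


def restricted_entry(pubkey: str, command: str, sources: List[str]) -> str:
    """One authorized_keys line: restrict, forced command, dual-stack source allowlist."""
    pubkey = pubkey.strip()
    if not _PUBKEY_RE.match(pubkey):
        raise ValueError("expected a single-line OpenSSH public key")
    if '"' in command or "\n" in command:
        raise ValueError("forced command must not contain quotes or newlines")
    # restrict = no pty, no port/agent/X11 forwarding, no user rc (OpenSSH 7.2+)
    opts = ["restrict", f'command="{command}"', f'from="{from_allowlist(sources)}"']
    return ",".join(opts) + " " + pubkey


def check_entry(line: str) -> Dict[str, object]:
    """Parse an installed line back, for a post-install assertion in a test_config-style check."""
    match = _KEY_START_RE.search(line)
    if not match:
        raise ValueError("no OpenSSH key found on line")
    opts = line[:match.start()]
    cmd = _CMD_RE.search(opts)
    src = _FROM_RE.search(opts)
    from_list: Optional[List[str]] = src.group(1).split(",") if src else None
    return {
        "restrict": bool(_RESTRICT_RE.search(opts)),
        "command": cmd.group(1) if cmd else None,
        "from": from_list,
        "key_type": match.group(1),
    }


def assert_restricted(line: str, required_sources: List[str]) -> bool:
    """True only if the line is forced-command, restricted and allows exactly the expected sources."""
    info = check_entry(line)
    return (info["restrict"] is True and info["command"] is not None
            and info["from"] is not None and set(info["from"]) == set(required_sources))


if __name__ == "__main__":
    entry = restricted_entry(REGISTER_PUBKEY, REGISTER_CMD, [WEB_IPV4, WEB_IPV6])
    print(entry)
    print("ok" if assert_restricted(entry, [WEB_IPV4, WEB_IPV6]) else "NOT restricted")
```

Two points worth keeping in mind when templating this from Ansible: `from=` is a comma-separated list of addresses or CIDR patterns, so the IPv6 address goes into the same quoted option rather than a second `from=`, and an empty host_var must fail the run rather than drop the option, which is what `from_allowlist()` enforces.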
Jeremie Fraeys
9e7b51b69a
docs: document Actions SSH key setup
- Document required register/deregister SSH keys for controller workflows
- Update vault.example.yml with FORGEJO_API_TOKEN and SSH public key placeholders
2026-01-20 17:10:41 -05:00
Jeremie Fraeys
a3da8deb0f
feat(actions-ssh): use register/deregister keys for services access
- Add app_ssh_access role to install forced-command keys for infra-register-stdin and infra-deregister
- Ensure required infra-controller runtime directories exist on services host
- Add helper script to generate/register both Actions SSH secrets and update vault public keys
2026-01-20 17:10:02 -05:00
Jeremie Fraeys
c2056d4cd4
fix(forgejo-runner): validate label executor scheme
- Set default runner label to 'self-hosted:docker://…'
- Add an early assert to fail fast when labels use an invalid executor scheme
2026-01-20 17:09:17 -05:00
Jeremie Fraeys
997aff6be3
initial infra commit
2026-01-19 15:02:13 -05:00
Jeremie Fraeys
1d2f8e6141
retry workflows with debian
2026-01-19 14:28:20 -05:00
Jeremie Fraeys
c397737ff1
retry actions
2026-01-19 14:27:52 -05:00
Jeremie Fraeys
3ab4e338b2
retry actions
2026-01-19 14:27:43 -05:00